Sophos: 66% of lost USB drives are infected, none are encrypted

A little over a year ago, Avast released a report informing computer users about the increasing number of malware attacks targeting USB drives and Windows' AutoRun feature. The security outfit warned that out of 700,000 attacks on computers that voluntarily submitted data, one out of eight (13.5%) came from USB devices. Similar findings were published today.

Sophos researchers have tested 50 USB drives and found that two-thirds (33) were infected. The drives were purchased at a train company's lost property auction, so they were presumably owned by passengers before being misplaced. During testing, Sophos found 62 infected files and the worst drive contained six infected files representing four items of malware.

The fact that the drives were lost in the first place suggests that the original owners weren't the most attentive individuals, but it's alarming nonetheless. Not only were most of the drives infected, none of them were encrypted. Being the upstanding folks they are, Sophos didn't dig too deep, but it identified 4443 directly-accessible files that included the following info:

Lists of tax deductions.

Minutes of an activists' meeting.

School and University assignments.

AutoCAD drawings of work projects.

Photo albums of family and friends.

A CV and job application.

Software and web source code.

Sophos noted that although it didn't find any OS X-specific malware, nine of the keys seemingly belonged to Mac owners and seven were infected. In other words, Windows users shouldn't unconditionally trust USB drives that come from Apple users -- especially if they don't have an antivirus installed on their computer. Relatively few Mac owners use an antivirus.

Considering the high rate of malware, people have questioned whether some of the infected USB drives may have been deviously planted on the trains, but Ducklin doesn't buy that theory. "I strongly doubt it," he said. "In particular, the malware involved was mostly very prevalent, general-purpose, zombie stuff (there was even a Conficker in the 'other' category."

Ducklin answered the question with a question: "Why plant USB keys on trains (many of which don't get plugged in -- they get handed in to lost property, as we found) when you can just use the Internet and save yourself a lot of money?" "I think the malware prevalence tells a simple story of poor PC hygiene, rather than an esoteric story of deliberate hacker activity."

Sophos offered a few tips that should help keep you safe. Naturally, you should use an antivirus -- even on your Mac. There are plenty of freebies available for all platforms. Secondly, you should encrypt your private data, especially if you're going to transport it in public. Sophos offers a free encryption tool and there are plenty of others around, such as TrueCrypt.